Secure Sharing of Patient Controlled e-Health Record using an Enhanced Access Control Model with Encryption Based on User Identity

Healthcare industry is converting to digital due to the constantly evolving medical needs in the modern digital age. Many researchers have put up models like Ciphertext Policy Attribute Based Encryption (CPABE) to provide security to health records. But, the CPABE-variants failed to give total control of a medical record to its corresponding owner i.e., patient. Recently, Mittal et al. suggested that Identity Based Encryption (IBE) can be used to achieve this. But, this model used a Key Generation Center (KGC) to maintain keys that reduces the trust as the keys may get leaked. To overcome this problem, an enhanced access control model along with data encryption is presented where a separate key generation center is not needed. Because of this, the processing time for setting-up and extraction of keys is minimized. The total processed time of proposed is 74.42ms. But, the same is 92.89ms, 165.42ms, and 218.75ms in case of Boneh-Franklin, Zhang et al., and Yu et al., respectively. Our proposed model also gives a patient the complete control of his/her own health record. The data owner can decide who can access the record (full/ partial) with what access rights (read/ write/ update). The data requestors can be a doctor/ nurse/ insurance providers/ researchers and so on. The requestors are not based on groups or roles but based on an identity that is accepted by the data owner. The proposed model also withstands the key leakage attacks that are due to the key generation center.